Nations ramping up cyber counter-strike capabilities [CyCon Tallinn]


The often unclear nature of the capabilities currently available to hostile non-state actors in cyberspace is driving NATO, the U.S. and major global military powers to develop offensive counter-strike capabilities.

According to cyber experts, the omnipresent fear among nation-states is that sophisticated cyber weapons with low production costs could be used to attack critical state infrastructure. This fear is heightened by the danger that the same capability could be made available by terrorist organizations, such as ISIS, to criminal organizations.

The general consensus among experts at the Cyber Conflict (CyCon) conference in Tallinn is that not much is known about the offensive capabilities of terrorist groups or what types of new cyber weapons may be under development.

NATO and Western powers need to gain a better understanding of how the prospect of lower production costs may relate to the potential development and deployment of offensive weapons capabilities in cyberspace, said Max Smeets, a research affiliate of the cyber studies program at the University of Oxford.

“It is important that we have a better grasp of costs relating to cyber weapons. This will be essential to understanding what actors – be they state, non-state, or criminal – are likely to attain what types of cyber capability in the future,” said Smeets.

The growth of offensive cyber capabilities in the militaries of Western powers will create the possibility for greater specialization in cyber weapon production. In particular, this will be true of the U.S. and leading European militaries.

“When dealing with offensive cyber weapons, we must weigh the benefits against the risks. We cannot ignore the risks in defensive or offensive cyber weapons or strategies. What is certainly true is that work to build the offensive cyber weapons of the future is an area shrouded in secrecy,” Smeets said.

Established in 2009, the U.S. Cyber Command has become a leading force in the development of cyber weapons, both defensive and offensive. Cyber Command has around 133 operational teams, enabling it to deploy specialized units to specific types of cyber operations, even if these units need to be integrated within a general force structure.

Predictive analysis tools can be deployed to better determine where non-state actors might launch cyberattacks such as malware strikes, said Kenneth Geers, a senior research scientist with cybersecurity solutions group Comodo.

Geers is also a non-resident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative and a NATO Cooperative Cyber Defense Centre of Excellence (NATO CCD COE) ambassador (as well as a Fifth Domain commentator).

“Malware data tracking can be used to identify future major events. These same tools were used to predict the annexation of Crimea. Cyber technologies can be used to track DAESH. In malware analysis we need to understand the patterns and where to look,” Geers said.

According to Geers, the expertise and malware analysis technologies exist to develop a forward-looking cyberattack threat detection model that would use predictive modelling on “known actors.”